Commit Graph

374 Commits

Author SHA1 Message Date
matthieu
3b3c79f0b0 MFC: Unvalidated lengths
v2: Add overflow check and remove unnecessary check (Julien Cristau)

This addresses:
CVE-2017-12184 in XINERAMA
CVE-2017-12185 in MIT-SCREEN-SAVER
CVE-2017-12186 in X-Resource
CVE-2017-12187 in RENDER
2017-10-14 09:20:42 +00:00
matthieu
fe08a081d8 MFC: os: Make sure big requests have sufficient length.
A client can send a big request where the 32B "length" field has value
0. When the big request header is removed and the length corrected,
the value will underflow to 0xFFFFFFFF.  Functions processing the
request later will think that the client sent much more data and may
touch memory beyond the receive buffer.
2017-10-14 09:17:40 +00:00
matthieu
9b9efb1bdf MFC: xkb: Handle xkb formatted string output safely (CVE-2017-13723)
Generating strings for XKB data used a single shared static buffer,
which offered several opportunities for errors. Use a ring of
resizable buffers instead, to avoid problems when strings end up
longer than anticipated.
2017-10-14 09:15:11 +00:00
matthieu
fd77a34918 MFC: xkb: Escape non-printable characters correctly
XkbStringText escapes non-printable characters using octal numbers.
Such an escape sequence would be at most 5 characters long ("\0123"), so
it reserves 5 bytes in the buffer. Due to char->unsigned int
conversion, it would print a much longer string for negative numbers.
2017-10-14 09:12:44 +00:00
matthieu
2f2a50b99b MFC: Xext/shm: Validate shmseg resource id (CVE-2017-13721)
Otherwise it can belong to a non-existing client and abort X server with
FatalError "client not in use", or overwrite existing segment of another
existing client.
2017-10-14 09:06:06 +00:00
matthieu
c6ab499027 Force Intel Ironlake chipsets to use the xf86-video-intel driver.
stsp@ reported that modesetting(4) has been reported unreliable
on his laptop, while intel(4) works.

XXXX to be removed after 6.2 to figure out and fix the issue.

ok kettenis@, also discussed briefly with deraadt@ during EuroBSDCon.
2017-09-25 15:05:57 +00:00
matthieu
b8da768ee9 Disable SSE optimizations on i386/amd64 for SlowBcopy.
It is supposed to be slow, and when such instructions are used to copy
data from/to mapped video memory, some hypervisors (e.g. KVM,
Microsoft Hyper-V) can generate SIGILL or SIGBUS exceptions, causing
Xorg to crash.

Bug report to OpenBSD by Max Parmer, fix from FreeBSD (Dimitry Andric)
via kettenis@

ok kettenis@
2017-08-07 19:17:56 +00:00
kettenis
38475bb3b2 Create an OpenBSD-specific version of listPossibleVideoDrivers() that takes
care of autoconfiguration based on the information returned by the
WSDISPLAYIO_GTYPE ioctl of the console FD.  This should fix selection of
wsfb on loongson and sgi when using a non-KMS kernel driver.

ok matthieu@, jsg@
2017-08-07 12:30:34 +00:00
kettenis
d74e2cb101 Use the modesetting driver by default on 4th generation Intel Graphics and
later.  This matches what several Linux distros do these days as it tends to
work better than the intel driver in most cases.

There are some performance issues with vncviewer on at least Ivy Bridge and
Haswell.  But for now that regression outweighs the benefits.

ok robert@, tedu@, sthen@
2017-07-14 11:38:05 +00:00
kettenis
11bfbfff1e Add code to update the value of the RandR "Backlight" property based on the
KMS connector property of the same name if such a property is present.

ok matthieu@
2017-07-12 20:08:07 +00:00
matthieu
1862f5487a Merge upstream fixes to the X event swapping code.
(CVE-2017-10971 and CVE-2017-10972).
2017-07-07 06:22:19 +00:00
visa
55a8e552e5 Make X work with radeondrm(4) hardware on loongson.
OK jsg@
2017-05-21 13:18:29 +00:00
jsg
f372d76f12 make xserver build on arm64
ok matthieu@
2017-03-07 03:40:33 +00:00
matthieu
2666ed3f9e Fix arc4random_buf(3) detection. Noticed by Eric Engestrom on
the xorg-devel list. Thanks
2017-03-01 19:22:36 +00:00
matthieu
da8f098a38 Oops, in previous commit I forgot to remove the actual implementation
of the unused *ToID functions(). Spotted by Adam Jackson on xorg-devel
list.  Thanks.
2017-02-28 23:05:46 +00:00
matthieu
5d64bd18eb regen
2017-02-28 18:33:44 +00:00
matthieu
e087a236fc auth: remove AuthToIDFunc and associated functions. Not used anymore.
And the current code for MitToId has a use-after-free() issue.
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org
2017-02-28 18:32:53 +00:00
matthieu
eb3d247766 MFC: Use arc4random_buf(3) if available to generate cookies.
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:27:40 +00:00
matthieu
9ddca5b541 MFC: Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:24:48 +00:00
matthieu
fd18c20e72 regen
2016-10-11 22:14:30 +00:00
deraadt
13cbbbd6c0 ignore chown error (for systems which don't install a Xserver)
2016-10-04 19:48:48 +00:00
matthieu
8587a95e4f fix the ownership of the link /usr/X11R6/bin/X -> Xorg
2016-10-02 17:21:29 +00:00
matthieu
b9d0c0fb7c Fix a bunch of gcc warnings.
- constify name field
- rename devname -> devnam
- replace deprecated Xprintf() with asprintf()
2016-09-12 21:57:14 +00:00
matthieu
595a0e50e5 sys/select.h -> sys/time.h
2016-09-12 21:46:25 +00:00
matthieu
d2533042e8 Fix build after headers cleanup.
include wscons headers after sys/ioctl.h and sys/select.h
with deraadt@ and kettenis@
2016-09-12 21:44:30 +00:00
guenther
8113144b81 Remove zaurus keyboard model
ok matthieu@
2016-09-03 14:58:02 +00:00
matthieu
ee65902dd0 Kill remaining HP300 bits
2016-08-13 14:05:23 +00:00
matthieu
6e1bcfb3c6 Update to xserver 1.18.4
tested by krw@ and dcoppa@ ok dcoppa@
2016-08-09 18:59:50 +00:00
matthieu
185312ce1c xserver: fix an off-by-one error that led to asprintf("%s", NULL)
reported by deraadt@, fix reviewed in X.Org by Keith Packard.
2016-08-03 19:31:23 +00:00
matthieu
7d876864d7 Merge the build of Xephyr in the main xserver build.
Recent X server doesn't require to build the DIX with different
options for xfree86 and kdrive.

Tested for being a no-op on m88k by Kenji Aoyama. Thanks
2016-07-30 12:18:35 +00:00
matthieu
e927c03e30 Update to xserver 1.18.3. Tested by shadchin@ and naddy@.
Note that indirect GLX is now disabled by default.
2016-05-29 12:02:34 +00:00
matthieu
5b07d03465 No more hppa64
2016-05-12 07:19:50 +00:00
matthieu
6b14cdf954 Fix white space/indentation to match X.Org style.
2016-04-24 17:21:55 +00:00
matthieu
a009af0b91 Fall back to /dev/ttyC0 when the console device is not a wsdisplay(4)
Problem noticed by sthen@.
2016-04-24 17:20:04 +00:00
matthieu
a096d7ad4a Don't build the PCVT console backend anymore.
2016-04-02 16:57:58 +00:00
matthieu
3b5e851da5 Implement VT switching (based on the USL compat interface) in the
wscons console backend and use it by default.
ok kettenis@
2016-04-02 14:25:10 +00:00
matthieu
e44b23d20c Make alpha_video.c build in recent X server.
Completely broken on VGA cards (libpciaccess doesn't know about
the alpha specific ways of mapping the PCI space),
only XRender is broken on TGA cards.
2016-03-27 18:48:41 +00:00
okan
27f67406f3 Remove support vax and XENOCARA_HAVE_SHARED_LIBS scaffolding.
ok matthieu@
2016-03-11 13:09:42 +00:00
matthieu
ab587bced4 Cleanup gcc warnings and function prototypes.
2016-03-06 17:11:46 +00:00
matthieu
926017f7f5 Fix typo introduced 5.5 years ago.
Note: this changes the #if test result, but the now #ifdef out code
has no effect.
2016-03-06 16:09:27 +00:00
matthieu
4a17b80391 No more aviion
2016-02-20 10:58:10 +00:00
jsg
f158428621 solbourne was removed
2016-02-07 09:51:01 +00:00
bentley
ca4d05124d Detect keyboard configuration by masking bits, not equality checks.
Fixes the case where a kbd(8) setting has multiple bits set
(e.g., us.dvorak.swapctrlcaps). Bug reported by Sevan Janiyan.

ok shadchin@ matthieu@
2015-12-29 18:47:21 +00:00
kettenis
ed4591c1ef On Broadwell, default to using the modesetting driver. Our KMS support on
Broadwell is still a bit weak and the modesetting driver seems to work
better than the intel driver, while still providing 3D acceleration and
video playback support.

ok phessler@, matthieu@, jsg@
2015-12-21 08:37:11 +00:00
kettenis
c7a6143bc4 Enable glamor on architectures where we have OpenGL.
ok jsg@, matthieu@
2015-12-01 21:20:21 +00:00
kettenis
2e2a8984c6 Remove a check for DRI3 in glamor_name_from_pixmap(). This makes DRI2 work
on OpenBSD where we don't have support for DRI3 yet.

ok jsg@, matthieu@
2015-12-01 21:18:47 +00:00
kettenis
bfcc545caa Use an ARGB8888 based texture even when DRI3 isn't enabled. This achieves the
same effect as a change that was recently made upstream.  The code changed
significantly in the meantime.

ok jsg@, matthieu@
2015-12-01 21:17:49 +00:00
kettenis
e6977614b0 Call miSyncSetup() if we don't call miSyncShmScreenInit() because
HAVE_XSHMFENCE isn't defined.  This makes sure the relevant "private key"
gets installed such that we don't hit a fatal assert later.

ok jsg@, matthieu@
2015-12-01 21:13:48 +00:00
aoyama
184a98336b Pass --disable-libdrm option to configure when the machine does not
support DRI.  Found while building Xorg server on luna88k.

"fine for now" matthieu@
2015-11-17 10:49:57 +00:00
matthieu
1e036e407b Remove the -configure option. This has been broken for a loong time
and no one is going to fix it.
2015-11-15 08:28:24 +00:00